private MethodDef GenerateRefMethod(string methodName) { var refMethod = new MethodDefUser( "_" + Guid.NewGuid().ToString("D").ToUpper().Substring(2, 5), MethodSig.CreateStatic(_moduleDefMd.ImportAsTypeSig(typeof(double))), MethodAttributes.Private | MethodAttributes.Static | MethodAttributes.HideBySig) { Signature = new MethodSig { Params = { _moduleDefMd.ImportAsTypeSig(typeof(double)) }, RetType = _moduleDefMd.ImportAsTypeSig(typeof(double)) } }; var cil = new CilBody { Instructions = { OpCodes.Ldarg_0.ToInstruction(), OpCodes.Call.ToInstruction(GetMethod(typeof(Math), methodName, new[]{ typeof(double) })), OpCodes.Stloc_0.ToInstruction(), OpCodes.Ldloc_0.ToInstruction(), OpCodes.Ret.ToInstruction() } }; refMethod.Body = cil; refMethod.Body.Variables.Add(new Local(_moduleDefMd.ImportAsTypeSig(typeof(double)))); return(refMethod.ResolveMethodDef()); }
public void Obfuscate() { var i = 0; _protectionses.ForEach(x => { Logger.Push($"{++i}) {x.Name}: {x.Description}"); }); Logger.Push("Select options: ", Logger.TypeLine.Default); var prefers = Console.ReadLine()?.ToCharArray().Select(x => int.Parse(x.ToString()) - 1).ToList(); if (prefers != null) { foreach (var options in prefers) { _protectionses[options].Run(_moduleDefMd); } } void Watermark() { Logger.Push("Watermarking..."); var attribute = new TypeDefUser("", "OctopusObfuscator", _moduleDefMd.ImportAsTypeSig(typeof(Attribute)).ToTypeDefOrRef()); _moduleDefMd.Types.Add(attribute); var body = new MethodDefUser( "_" + Guid.NewGuid().ToString("n").ToUpper().Substring(2, 5), MethodSig.CreateStatic(_moduleDefMd.ImportAsTypeSig(typeof(void))), MethodAttributes.Static | MethodAttributes.Public); attribute.Methods.Add(body); _moduleDefMd.CustomAttributes.Add(new CustomAttribute(body)); } Watermark(); SaveAssembly(_moduleDefMd); _stopwatch.Stop(); Logger.Push($"Obfuscation task finished. Time elapsed: {_stopwatch.Elapsed}"); }
public void Run(ModuleDefMD moduleDefMd) { var memoryStream = new MemoryStream { Position = 0 }; var antiTamperData = new AntiTamperData(moduleDefMd); antiTamperData.Initialize(); var released = new List <Tuple <MethodDef, List <Instruction> > >(); foreach (var typeDef in moduleDefMd.GetTypes().Where(x => x.HasMethods && !x.IsGlobalModuleType)) { foreach (var methodDef in typeDef.Methods.Where(x => x.HasBody && x.ReturnType == moduleDefMd.ImportAsTypeSig(typeof(void)))) { var boolean = new Local(moduleDefMd.ImportAsTypeSig(typeof(bool))); methodDef.Body.Variables.Add(boolean); var instructions = methodDef.Body.Instructions; instructions.Insert(0, OpCodes.Newobj.ToInstruction(antiTamperData.GetMethod(".ctor"))); instructions.Insert(1, OpCodes.Ldc_I4.ToInstruction(0)); instructions.Insert(2, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetFrame"))); instructions.Insert(3, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetMethod"))); instructions.Insert(4, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetMethodBody"))); instructions.Insert(5, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetILAsByteArray"))); instructions.Insert(6, OpCodes.Ldlen.ToInstruction()); instructions.Insert(7, OpCodes.Conv_I4.ToInstruction()); instructions.Insert(8, OpCodes.Ldc_I4.ToInstruction(methodDef.Body.GetILAsByteArray().Length)); instructions.Insert(9, OpCodes.Ceq.ToInstruction()); instructions.Insert(10, OpCodes.Stloc.ToInstruction(boolean)); instructions.Insert(11, OpCodes.Ldloc.ToInstruction(boolean)); instructions.Insert(12, OpCodes.Brfalse.ToInstruction(instructions[instructions.Count - 1])); released.Add(new Tuple <MethodDef, List <Instruction> >(methodDef, instructions.ToList())); } } moduleDefMd.Write(memoryStream); released.ForEach(x => { /* Overriding size of il, because new instructions have been added */ x.Item2[8].Operand = OpCodes.Ldc_I4; x.Item2[8].Operand = GetIlLength((x.Item1, memoryStream.ToArray())); }); }
public void Execute(ModuleDefMD moduleDefMD) { Console.ForegroundColor = ConsoleColor.Green; Logger.Push($"{nameof(StringMelt)} working..."); Console.ForegroundColor = ConsoleColor.Gray; int countFixed = 0; var junkMethod = new List <MethodDef>(); foreach (var typeDef in moduleDefMD.GetTypes()) { foreach (var methodDef in typeDef.Methods.Where(x => x.HasBody)) { var instructions = methodDef.Body.Instructions; for (int i = 0; i < instructions.Count; i++) { if (instructions[i].OpCode == OpCodes.Call && instructions[i].Operand is MethodDef refMethod && refMethod.ReturnType == moduleDefMD.ImportAsTypeSig(typeof(string)) && refMethod.IsStatic && refMethod.Body.Instructions.Count == 2) { instructions[i].OpCode = OpCodes.Ldstr; instructions[i].Operand = refMethod.Body.Instructions.First().Operand.ToString(); junkMethod.Add(refMethod); countFixed++; } } } foreach (var methodDef in junkMethod) { typeDef.Methods.Remove(methodDef); } junkMethod.Clear(); } Logger.Push($"{nameof(StringMelt)} fixed: {countFixed}"); }
private static TypeDefUser GenerateTraceType(ModuleDefMD mod) { var traceType = new TypeDefUser( typeof(SharpFuzz.Common.Trace).FullName, mod.CorLibTypes.Object.TypeDefOrRef ); traceType.Attributes = TypeAttributes.Public | TypeAttributes.Abstract | TypeAttributes.Sealed | TypeAttributes.BeforeFieldInit; var sharedMemField = new FieldDefUser( nameof(Common.Trace.SharedMem), new FieldSig(new PtrSig(mod.CorLibTypes.Byte)), FieldAttributes.Public | FieldAttributes.Static ); var prevLocationField = new FieldDefUser( nameof(Common.Trace.PrevLocation), new FieldSig(mod.CorLibTypes.Int32), FieldAttributes.Public | FieldAttributes.Static ); var onBranchField = new FieldDefUser( nameof(Common.Trace.OnBranch), new FieldSig(mod.ImportAsTypeSig(typeof(Action <int, string>))), FieldAttributes.Public | FieldAttributes.Static ); traceType.Fields.Add(sharedMemField); traceType.Fields.Add(prevLocationField); traceType.Fields.Add(onBranchField); var cctorSig = MethodSig.CreateStatic(mod.CorLibTypes.Void); var cctorImplFlags = MethodImplAttributes.IL | MethodImplAttributes.Managed; var cctorFlags = MethodAttributes.Private | MethodAttributes.HideBySig | MethodAttributes.SpecialName | MethodAttributes.RTSpecialName | MethodAttributes.Static; var cctor = new MethodDefUser(".cctor", cctorSig, cctorImplFlags, cctorFlags); traceType.Methods.Add(cctor); var body = new CilBody { InitLocals = false, MaxStack = 1 }; cctor.Body = body; var local = new Local(mod.CorLibTypes.IntPtr); body.Variables.Add(local); var marshalType = mod.Types.Single(type => type.FullName == typeof(Marshal).FullName); var intPtrType = mod.Types.Single(type => type.FullName == typeof(IntPtr).FullName); var allocHGlobal = marshalType.FindMethod( nameof(Marshal.AllocHGlobal), MethodSig.CreateStatic(mod.CorLibTypes.IntPtr, mod.CorLibTypes.Int32) ); var toPointer = intPtrType.FindMethod( nameof(IntPtr.ToPointer), MethodSig.CreateInstance(new PtrSig(mod.CorLibTypes.Void)) ); body.Instructions.Add(OpCodes.Ldc_I4.ToInstruction(MapSize)); body.Instructions.Add(OpCodes.Call.ToInstruction(allocHGlobal)); body.Instructions.Add(OpCodes.Stloc_0.ToInstruction()); body.Instructions.Add(OpCodes.Ldloca_S.ToInstruction(local)); body.Instructions.Add(OpCodes.Call.ToInstruction(toPointer)); body.Instructions.Add(OpCodes.Stsfld.ToInstruction(sharedMemField)); body.Instructions.Add(OpCodes.Ret.ToInstruction()); return(traceType); }